Tag Archives: Orchestrator 2012

SCSM 2012: Asset Management Part 6 – Runbook/Automation details

This is the sixth and last part of the blog series about my Asset Management solution for SCSM 2012 R2.
Part 1: General overview
Part 2: Authoring – Classes and Relationships
Part 3: Folders and Views
Part 4: Authoring – Forms
Part 5: Reports

This part of the series covers the runbooks which are created with System Center Orchestrator 2012 R2.

All Orchestrator Runbook servers need the following software and Integration Packs installed:

Nearly all runbooks use the SCSMServer variable, which you need to set:
scsmservervariable

There are three main runbooks. All check the status of Windows Computers and create or update assets. All three inform site owners at the end through email. These activities also need adjustment as you need to enter the SMTP server information and email addresses.

You can read this blog to understand the dependency between the Windows Computer object and the Deployed Computer object from SCCM. There you also see that some information, which we need to create the asset, is in the Deployed Computer object (as the serial number).

1.Create assets:

createassets

This is the main runbook to create the computer assets. It checks if the asset for a deployed Windows Computer exists, if it exists, then it only checks the relationship and updates the asset. If it does not exist, then it gets the required information through the sub runbooks and then creates the asset and the necessary relationships.

2. Update assets:
updateassets
This runbook only updates the location information, if the asset was re-imaged at a new site.

3. Check deleted:
checkdeleted

This runbook only checks for deleted objects, but does not delete the asset, as it should stay in the database.

The following sub runbooks get additional information for the assets.

Get Location information:
getlocationinfo
This runbook checks if the list entries exist for the country and site and if they are new, then it creates the enum list entry.

This runbook in the “Get Location Info” activity checks a local text file, which has the site information in this format Shortname – Site – Country – Region. Example: FRA – Frankfurt – Germany – Europe. You can also query that information from a database if you have it there.

In the “Check Country/Site” activity it checks if the enum value exists and if not, then it creates it. You will need to check, if you have another GUID for your enum lists:

$CountryEnum=’c94c8568-8cc8-2f32-ec3a-8b8b04cc9848′

$SiteEnum=’9d07bd6a-9e08-439e-486c-4ba4e7f88b30′

Check Model/Manufacturer:
checkmodelmanufacturer

This runbook checks if the list entries exist for the model and manufacturer and if they are new, then it creates the enum list entry.

You will need to check, if you have another GUID for your enum lists:

$ManufacturerEnum=’6e131742-a95b-6143-05c8-ee0f1aabae06′
$ModelEnum=’457cb61d-0c0c-7229-62ef-7b343f7b7941′

Get Warranty information: Find detailed information in this post.
getwarranty

Create AssetToComputerAsset Relationship:

createassetrelationship

Create AssetCustodian Relationship:

setcustodian

Check Relationships:

checkrelationships
Additionally we have this runbook, which checks the relationships for all classes to the AssetManagementBase class and creates them, if they do not exist.

These runbooks all only check the Windows Computer objects. If you have another source which you can use to create/update other asset object types, then you can create your own runbooks for it.

Have fun!

 

 

SCSM 2012: Asset Management

This blog will be the first part of a series about my Asset Management solution for SCSM 2012 R2. It will give a general overview about the solution. The following parts will go into the details.

Part 2: Authoring – Classes and Relationships
Part 3: Authoring – Folders and Views
Part 4: Authoring – Forms
Part 5: Reports
Part 6: Runbook/Automation details

I was asked by a colleague end of last year, if we can manage hardware assets with System Center Service Manager 2012 R2. I found a solution from Steve Beaumont for SCSM 2010 besides the solutions with costs from Cireson or Provance for example. I contacted Steve and after discussing the options I started to create a new solution for SCSM 2012 R2 based on Steves template. The new solution is designed to meet the requirements of the requesting company but can also be adopted to other companies needs.

The solution covers the following requirements:

  • Sync with Active Directory (User), SCCM (PCs)
  • Assets should stay in the DB
  • Custodian should be linked to Asset
  • Read PC warranty information from Dell
  • Fill location information automatically
  • Additional categories for Computer Assets: Kiosk, Lab, Test
  • Create Assets automatically based on existing Windows Computer objects in SCSM (sync with SCCM)
  • Email notifications for new/deleted/updated objects

Prerequisites:

  • The Windows Computer names need to follow this structure: ❤ letter site Code><Serialnumber>.
  • Enable AD and SCCM connectors in SCSM.
  • Install Service Management console and SMlets on the Orchestrator Runbook Server.

How is this implemented?

To achieve that the asset stays in the DB, the solution creates an Asset class based on the ComputerHardware class. When a new Asset gets created then it needs to be assigned to the Windows Computer object. The Orchestrator automation runbooks are handling that. So it can happen that multiple Windows Computer objects which are created in SCSM get linked to one Asset object. With that you can see the history of the Asset deployment.

The Custodian also needs to be linked to the Asset, because the Asset is the hardware that should have a defined owner, which does not change when the system gets reimaged. The automation will take the primary user of the deployed Windows Computer as first Custodian, but this needs to be manually reviewed, because this could not be the real owner of the hardware (shared machines, etc.).

Classes and Relationships:

Classes

An Asset Management workspace is created and views for the new classes and some additional useful views.

views

This form shows which information can be entered for the ComputerAsset. The other asset forms look nearly the same (only the Category field is missing).

ComputerAsset

The Custodian can be selected in the AssetCustodian field. All other drop down fields reference predefined liss. The Windows Computer can be assigned in the Related Items tab. Also the Order can be referenced there.

The order form is very short and simple.Order

Some runbooks are created in Orchestrator to automate the creation of the ComputerAsset objects in SCSM and keep them updated, . Here is a short overview:

processes.JPG

All three main runbooks (Create Asset, Update Asset, Check deleted Windows Computer) check the Windows Computer objects first, then the Computer (Deployed) objects (synced from SCCM) and at last checks if an Asset object exists.

Additionally to that sub workflows are called to check the location, get the warranty, etc.

General considerations

  • Not everything can be automated, so every created/updated/deleted asset needs to be reviewed. Emails are send out to inform responsible teams to review.
  • The solution is an example how hardware asset management can be done with SCSM. It can be extended with additional class types, other properties, different automation, etc.

The solution can be downloaded from Github and you can watch a video on YouTube, which shows the solution in the SCSM console and the Orchestrator runbooks. I already presented about this solution at a German conference. So if you want to watch a German video, then you find it here.

In the other parts of my series I will go into more details how the solution is designed. So stay tuned ;-).

 

 

 

PowerShell: Temperature monitoring

If you want to monitor the temperature of your server rooms, then you have a lot of options. One is a temperature module, which is directly connected to your network and where you can access the temperature value through a XML file like: http://moduleIP/state.xml.

state.xml

We have used a solution from ControlByWeb, a PoE module with one sensor.

The idea is to have a System Center Orchestrator runbook, which checks the temperature of all sensors and creates a SCOM alert when the temperature is higher than the threshold of 30°C.

CheckTemp.xps.1

Then we also wanted to have a view directly in SCOM with the current values for all sensors. I used the PowerShell Web Widget for this.

TempSensorSCOM

The main part for all of this is a PowerShell script.

You can even use parts of the script and collect the data in SCOM.

Graph

But herefore you will need one rule for each sensor.

Functionality description:

The script reads a text file from a share with all IP addresses and names of the temperature modules.
Example:
192.168.10.110, Frankfurt
192.168.10.111, Paris

Then it connects to each module, loads the state.xml and reads the value of the first sensor.
With that data it creates an HTML table and writes that to a HTML file in a share on a web server.
The last step is that it can load the web page in the PowerShell Web Widget.

You can download the script on TechNet Gallery.

 

 

 

Orchestrator 2012: Start server patching from Service Manager

In my MMS 2015 session “Real world Automation with Service Manager and Azure Automation” with Steve Buchanan I showed how you can patch Servers initialized from a Service Manager Change Request.

The idea behind that is that there are systems which cannot be patched (and rebooted) during normal patch windows because the application owners need to control the outage times by themselves. They only know when production can handle a server outage. With Service Manager they can follow the ITIL Standards and create a Change Request, select a SCCM Collection with its Servers and the Software Updates to be applied. The Change Request will then call an Orchestrator Runbook and implement the Patches on all Servers in the given Collection.

Prerequisites:

  • The Software Updates need to be pre-deployed to all effected Servers through SCCM (Deployment Type: Available).
  • System Center Orchestrator 2012 R2, System Center Service Manager 2012 R2, System Center Configuration Manager 2012 R2
  • Log Database on SQL to store process Information
  • Sync SCCM Collections with SCSM

Temp DB Setup:

tempdb

MMSPatch

serverstatus

SoftwareUpdate

SoftwareUpdateInstall

Service Manager:

Select Template: (Patch Server)
template

Enter Title:
CR

Select Config Items to Change – SCCM Collection (Collection Info):
ConfigItems

Select Related Items – Configuration Items: Computers, Services and People (Software Update):
RelatedItems

Runbook Automation Activity:
Activity

Runbooks:

The following screenshots show the runbooks which are used for this solution.

The main runbook:

Install Software Updates (called from SCSM)MMS - Install Software Updates

Sub runbooks:

Get CR Details (writes all necessary CR information to the DB)

MMS - Get CR Details

Get Software Updates (write Software Update Information to the DB)MMS - Get Software Updates

Get Collection IDs (writes SCCM Collection Information to the DB)MMS - Get Collection IDs

Split Patching by Server (gets all Servers within the Collection)
MMS - Split By Server

Split by Patch (reads all updates from the DB)

SCCM - Split By Patch

Check Updates (checks if the Patch is available on the machine)
MMS - Check Updates

Install Update (installs the update on the machine)
SCCM - Install Updates

Update CR (updates the Change Request)
MMS - Update CR

Improvement ideas:

  • Use Service Request instead of CR
  • Import SCCM Software Update Groups into SCSM and select them

This YouTube-Video shows you the process in action.

The complete solution can be downloaded here.

Midwest Management Summit 2015

If you never heard of MMS or Midwest Management Summit then I will try to help with that. MMS is a conference, which started in 1998 and was initialy more a user group meeting, the main focus was SCCM. That conference ran so well that Microsoft took it over and dropped it after 2013. So the Minnesota System Center User Group restarted the initiative 2014 and now MMS is in its second year again. The difference between the conference held by Microsoft and the one from the user group is that it is smaller (which is really positive) and closer to the customer. You can feel that it is not a Microsoft promotion but a real user group event. The people have time to talk to each other and they use the chance. Speakers are close and the fact that the sessions are not recorded also help to avoid fears. So besides the System Center Universe conferences this is the conference you should attend specially when you are based in the US.

MMS 2015 was held in Minneapolis (Minnesota) between Sunday, Nov. 8th, and Wednesday, Nov. 11th, at the Radisson Blu Mall of America. The  location was fantastic. Great hotel and I do not need to mention the mall nearby ;-). There were some pre-conf sessions on Sunday and also the welcome reception, where attendees and speakers could meet first time.

It was my first time speaking and it was a pleasure to do that during this conference. The technical support was very good, they were in the room 10 min before the session started, to fix things. The organization and communication before and during the conference was great. The only negative thing which was mentioned by nearly every speaker was the bad wifi connection.

I had two sessions:

To my co-presenters: you were wonderful! We rocked it ;-).

I attended most of the SCOM sessions and also the early bird sessions for Data Center and Cloud Management and realized that all SCOM sessions covered different parts. So that was really good, not much overlaps.

I met a lot fantastic people and even the Jet lag did not reduce the fun we all had.

The next MMS will take place between May 17th and May 19th 2016 at the same place as this year. So add this to your schedule, perhaps you can meet some of us there.

Here are some impressions:

20151108_192618899_iOS Entrance of the Radisson Blu1stSession Steve, Rob and I20151110_104946000_iOS My first sessionIMG_0745 Nat, Cameron & Nat20151109_150824167_iOS Lee & SamIMG_0791 Nat, Dieter & NatNat-Nat-John Nat, John & Nat20151112_022658000_iOSFinal Dinner at The Crave

Orchestrator 2012: Too much queued policy instances caused Orchestrator to slow down dramatically

Recently I had a situation with my System Center Orchestrator 2012 SP1 environment, where the Runbook Designer behaved strangely. I saw that when I started a runbook, it was not updating the log only the log history, when the runbook was finished. It also seemed to take longer than normal until the runbook was finished.
I started to check some things in my environment:

  • I checked the size of my database: with 2GB it was not too big
  • I checked the performance of my Management and Runbook servers. All looked normal.
  • I restarted the services. That did not help
  • I cleaned up some things in the DB => cleaned orphaned log entries from runbooks, deleted some old runbooks, which were not required anymore, purged the logs.
  • Then I checked the logging settings for all runbooks. With that I found one runbook, where the logging was enabled and it was currently running. But I could not stop it! It gave me an error like “Unable to un-deploy the runbook“. (sorry, I missed to create a screenshot of it 😉 ) I saw that the job history showed current entries and created always new ones. This runbook was invoked by another one, this invokation filled up the queue.

I searched around and found some SQL queries I could use to investigate more. So I logged on to the SQL server with the Orchestrator instance on it and ran the following query:

SELECT * FROM POLICY_PUBLISH_QUEUE

This gave me all instances of policies which were queued right now. And I had 350000 in there! That was the problem. I looked through the results and saw that most entries came from one policy/runbook. So I used this query to find more details about it:

SELECT POLICYINSTANCES.PolicyID ,POLICYINSTANCES.TimeStarted, POLICYINSTANCES.TimeEnded, POLICYINSTANCES.ProcessID, POLICYINSTANCES.SeqNumber, POLICIES.Name FROM POLICYINSTANCES INNER JOIN POLICIES ON POLICYINSTANCES.PolicyID = POLICIES.UniqueID WHERE POLICYINSTANCES.PolicyID = ‘PolicyID’

With that I could verify that it was the runbook, which was not stopping. So I used the next query to delete the entries from this policy out of the queue:

DELETE FROM [POLICY_PUBLISH_QUEUE] WHERE [PolicyID] =’PolicyID’

Now the queue only had 10 entries left in it :-).

I shrinked the database and checked the Orchestrator performance again and it was back to normal.

Wonderful!

Orchestrator 2012: Reset SCOM 2012 monitor for closed alert

Everyone who works with System Center Operations Manager 2012 knows the problem of closed alerts where the monitor has not been reset first. The monitor will stay in the unhealthy state and no new alerts will be created anymore until the monitor gets reset.

You can create a scheduled task with a script on a management server or use Orchestrator for it. I found this blog which describes how to use the “Monitor alert” activity and then run a script afterwards. http://blog.scomfaq.ch/2012/05/05/reset-monitor-using-scom-2012-and-orchestrator-a-must-have-runbook/
I like the “Monitor alert” activity but I would like to reduce the number of scripts which connect to the management group.

So I have created another runbook.

resetmonitor

The first activity “Check every 5 min” triggers the runbook every 5 min. I think that is a good timeframe to check for closed alerts.

The next activity “Reset Monitor” runs on the Runbook server. It uses PowerShell and imports the SCOM 2012 module, so this must be installed on the Runbook Servers and the execution policy should be set to remotesigned.

Here are the details of the activity:

dotnet

$Alertname=@();
$State=@();
$Displayname=@();
# Import Operations Manager Module and create Connection
Import-Module OperationsManager;
New-SCOMManagementGroupConnection %ManagementServerName%;
$alerts=get-scomalert -Criteria “Severity!=0 AND IsMonitorAlert=1 AND ResolutionState=255″| where {$_.LastModified -ge ((get-date).AddMinutes(-5)).ToUniversalTime()}
if ($alerts -is [object])
{
foreach ($alert in $alerts)
{
$monitoringobject = Get-SCOMClassinstance -id $alert.MonitoringObjectId
# Reset Monitor
If (($monitoringobject.HealthState -eq ‘Error’) -or ($monitoringobject.HealthState -eq ‘Warning’))
{
$monitoringobject.ResetMonitoringState()
$State+=$monitoringobject.HealthState
$Displayname+=$monitoringobject.displayname
$Alertname+=$alert.Name
}
}
}

The script gets all closed alerts from monitors with severity ‘Warning’ or ‘Critical’ within the last 5 min and only resets the monitor if it is still in ‘Error’ or ‘Warning’ HealthState. You could use this script also for a scheduled task on a management server.

The published data is Alertname, State, Displayname, you could also publish other data, but that was what I needed for troubleshooting.

Orchestrator 2012: Undo Runbook Checkout

I recently had an issue with a Runbook, that I checked out in th Runbook Designer. The problem was that I had to reboot the machine where the Runbook Designer was running on. The result was, that the Runbook Designer lost the current session and I could not see the Runbook anymore in the designer after the restart.

It was a really long Runbook and I didn’t wanted to recreate it. So how can I undo the checkout now without having the Runbook in the Runbook Designer?

I checked directly in the Orchestrator database.

SELECT [UniqueID]
      ,[Name]
      ,[CheckOutUser]
      ,[CheckOutTime]
      ,[CheckOutLocation]
     FROM [Orchestrator].[dbo].[POLICIES]
  where Name  = ‘Check server access’

Here is the result:

UniqueID Name CheckOutUser CheckOutTime CheckOutLocation
A6541640-14AD-4AE5-86F5-2C3416152E35 Check server access S-1-5-21-57989841-1960408961-725345543-2108 00:02.0 abcdefg

You can see that the fields ChechOutUser, CheckOutTime and CheckOutLocation have entries. CheckedIn Runbooks have the value NULL in these fields.

So I opened up the table with Edit mode and replaced the entries in the three CheckOut* fields with NULL.

Now I reloaded the Runbook Designer and my missing Runbook was there again.